‘Part of continuing war with Russia’: Denmark blames ‘Fancy Bears’ for hack on armed forces emails
Danish armed forces personnel have had their emails hacked over the last two years, Denmark’s security service said. The hack has been attributed to ‘Fancy Bear,’ a hacking group said to have connections to Russia.
Denmark’s security service, Politiets Efterretningstjeneste’s (PET) Centre for Cyber Security said in its report that a “foreign player” had accessed non-classified documents, and found the hacking group APT [Advanced Persistent Threat] 28, aka Fancy Bear, was behind the hacks which took place between March 2015 and October 2016.
Denmark’s Defense Minister Claus Hjort Frederiksen told Berlingske, the hacks were the work of Russia, and “part of a continuing war with Russia,” which he described as being “very aggressive.”
Norway blames ‘Russian hackers’ after defense & security officials fall victim to phishing attack https://t.co/W0kA8QjFIn
— RT (@RT_com) February 4, 2017
"Russia as a state does not do hacking attacks," Kremlin spokesman Dmitry Peskov
said Monday.
Fancy Bear has been accused of being behind DCLeaks, the site which leaked emails from former NATO Commander General Philip Breedlove, emails connected to George Soros and his Open Society Foundation and Hillary Clinton emails. It was also linked to hacks on the World Anti-Doping Agency.
Fancy Bear was given its title by private security company CrowdStrike, which was hired by the Democratic National Committee after it was hacked during the 2016 election.
The company said Russian Intelligence Services-linked hacking groups, named APT28 and APT29, aka Cozy Bear, were behind the hack.
It tied an email phishing campaign, sent to more than 1,000 recipients, to APT29, and said some of the malware found on DNC computers was believed to be the same as that used by two hacking groups.
#Vault7 Part 3: #WikiLeaks reveals CIA’s ‘Marble’ tool used to avoid detection, misdirect authoritieshttps://t.co/etjRYQmmfX
— RT (@RT_com) April 2, 2017
It connected a domain name registration to an IP address tied to Fancy Bear, and found cyrillic text in the leaked files.
Recent WikiLeaks releases pertaining to CIA hacking tools suggest the agency has the ability to mask its own hacks by stealing other hacking fingerprints, allowing it to attribute blame to others. The techniques include the ability to “add foreign languages” to malware.
READ MORE: #Vault7: How CIA steals hacking fingerprints from Russia & others to cover its tracks